So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

Not saying that couldn't change in the future, but we're not there yet.

Also, just because they could now bundle it in, doesn't mean it is the best option. Since they had to let other people do AV, most people have their own now. It would be a bad practice at best to make all the machines run two AV systems, and people would cry foul if the software they paid for was forcefully removed.
Microsoft isn't really able to solve it at this time, but it isn't really an incompetence thing.

Given that "Windows Security Center" already detects most remotely common AV packages and whines at you if you don't have one running and in good condition, it would be simple enough to simply replace that behavior with "If 3rd party AV present, do nothing (as at present). If 3rd party AV not present or inactive, run MSE (instead of whining, as at present)."

Doesn't change the effectively whack-a-mole nature of antivirus (particularly now that sneaky shit like kernel-mode DRM drivers and silent phoning home are features of "legitimate" software...); but it wouldn't be a significant problem in itself.

I was working at an ISP during that period. Before Win 95, we had to *license* Netscape, and send out two floppies containing Netscape, Trumpet Winsock and a connection script (or sell them in a box as our Internet Access Kit). When 95 came out, IE was free for the ISP, so only one floppy with a configuration script and IE. Later on, only the configuration script was needed. Since it was only one floppy and IE was free, it cost way less that way, and we saved one floppy. Besides, since everything was included in 95, it could even be done over the phone. That's what really killed Netscape IMO. Netscape 3.02 was a better browser than IE3 or IE4, but since IE was free and good enough, that's what people used, especially new customers. Heck, I remember when we shipped Mosaic :)

> So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."

If Microsoft had its way, the malware detection would be built into the system as well (think Microsoft Security Essentials), but anti-trust fears and a huge security software market keep that from happening. And, as with Windows, until Macs are malware-proof (which they aren't) you still need to do X, Y, and Z. Even with the latest Apple updates.

> So far, I'd disagree with that. The malware detection is built into the system, invisible, automatic, and self updating. So the user doesn't have to do X, Y, or even Z at all. We're still at "It just works."
>
> Not saying that couldn't change in the future, but we're not there yet.

Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being released, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

> Okay, maccodemonkey, here's the thing: if the malware detection which is built into the system, invisible, automatic, and self updating is defeated within hours of it being released, we are no longer at "It just works." What part of "It doesn't work anymore" sounds like "It just works" to you?!?

Because the user experience hasn't changed. The user notices neither the viruses nor the antivirus.

To a user, nothing has changed since before MacDefender.

Mac OS X and Linux have a root user that protects the system against rogue processes causing too much damage. Do we call that a fault in the system because it has to exist, or do we call that a solution?

No system is immune to trojans. Especially when users hand the trojan their root password, like what was done with MacDefender.

The real issue here is that actual users care very much more about the stuff under their user account than the stuff owned by root. Installing malware as a regular user can do plenty of bad stuff without needing root.

If Microsoft built MSE out of the box into Windows they would find themselves in front of a court before it could run its first AV scan.

Maybe, but I am not so sure. Bundling tools in the OS that help protect the OS is a lot more justifiable than what they pulled with IE.

There have been many tools and utilities from third party developers that once filled shortcomings of the OS that have gradually been obsoleted as the OS has become more robust. I can't remember the last time I used XTree Gold out of anything other than nostalgia, as an example.

> Apple's security update includes a new daily malware definitions update. So this is hardly the easy defeat that the description is hinting at. More like the beginning of a long drawn out war...

What I haven't been able to find anywhere is information on what sort of "definitions" are used.

The system is based on OS X's existing "file quarantine" feature, which sets a flag on files originating from Safari, Mail, and a few other sources, which thr

It's a new piece of malware, as far as definitions go. It will be blocked tomorrow when the tool checks for new definitions.

It still requires that you dismiss the "this file appears to be a file downloaded from the internet from [address], are you sure you want to run it?" dialog box. Plus, with no admin password it's local user only (which is still bad, just not root capable).
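As an added illustration of the quarantine mechanism discussed in the posts above (this is example code, not something posted in the thread or shipped by Apple): macOS records the "downloaded from the internet" state as the `com.apple.quarantine` extended attribute on the file. The four-field layout the parser assumes, `flags;timestamp;agent;uuid` with the first two fields in hex, is my assumption about how the attribute is written; the sample values are constructed, and no file system access is performed, so the snippet runs anywhere.

```python
"""Parse values of the com.apple.quarantine extended attribute.

Added example, not part of the original thread. The field layout
(flags;timestamp;agent;uuid, first two fields hexadecimal) is an
assumption about how macOS writes the attribute. All sample values
below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class QuarantineInfo:
    flags: int                 # bit field written by the downloading application
    downloaded_at: datetime    # seconds since the Unix epoch, stored as hex, here as UTC
    agent: str                 # name of the app that wrote the flag, e.g. "Safari", "Mail"
    uuid: Optional[str]        # download record identifier; may be absent


def parse_quarantine(value: str) -> QuarantineInfo:
    """Split a raw attribute value into its fields.

    Raises ValueError on anything that does not look like a quarantine
    record, so a caller never mistakes garbage for "not quarantined".
    """
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"expected at least 3 ';'-separated fields, got {len(parts)}")
    flags = int(parts[0], 16)
    downloaded_at = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    agent = parts[2]
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return QuarantineInfo(flags, downloaded_at, agent, uuid)


def is_quarantined(raw: Optional[str]) -> bool:
    """True when a file carries a parseable quarantine record.

    No attribute at all (raw is None) is what a locally built DMG or a
    file copied from local disk looks like: no warning dialog is shown.
    """
    if raw is None:
        return False
    try:
        parse_quarantine(raw)
    except ValueError:
        return False
    return True


# Constructed sample values, in the shape `xattr -p com.apple.quarantine FILE`
# would print them. The timestamp 0x4de3c4b0 is 2011-05-30 UTC.
SAMPLES = {
    "safari_download.dmg": "0081;4de3c4b0;Safari;8A1D2F3E-0000-4000-8000-000000000001",
    "mail_attachment.zip": "0083;4de3c4b0;Mail;",
    "local_copy.app": None,
}


def report(samples=SAMPLES):
    """One human-readable line per file, saying whether it is quarantined and by whom."""
    lines = []
    for name, raw in samples.items():
        if not is_quarantined(raw):
            lines.append(f"{name}: not quarantined")
            continue
        q = parse_quarantine(raw)
        lines.append(
            f"{name}: from {q.agent or '?'} at "
            f"{q.downloaded_at:%Y-%m-%d %H:%M:%S}Z flags=0x{q.flags:04x}"
        )
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On a real Mac the raw value comes from `xattr -p com.apple.quarantine FILE`; the point of the parser is that the flag is just metadata on the file, which is why a user can still click through the dialog, and why files that never passed through a flagging application carry no record at all.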

Actually looking a bit deeper, some do show me as owner. It appears all of the system apps are owned by System. Most apps by 3rd parties are also owned by system, but those I packaged myself into DMG files for easier backup/installation are owned by me. I suspect my use of this type of backup isn't all that common though.

That's the interesting question, isn't it - the extent to which Apple has committed the resources to block malware effectively on a daily basis. It'll be interesting to see whether they can nip things in the bud sufficiently to dissuade the bad guys.

The article that is practically on the same page as this one mentions the daily updates to the definitions, and the daily checking by the new tool. Given that it's June 1st at the moment, "next month" is just baseless bashing.

Considering how long it took them to even acknowledge the first iteration gives me a little guideline. While there may be "daily updates", that doesn't mean that they develop the resolution in 24 hours. Granted, 30 days is a little excessive, but I'd be surprised if it showed up by the 20th.

And I don't guard the bridge, I live UNDER it, you insensitive clod =]

I believe it does have a leg up, but only in the sense that Unix in general has a leg up because the starting point was so different. Unix, Linux and the like have always had a leg up in that respect just by their nature. It's not trolling, it's simply fact. Windows has got much better in recent years - Win 7 is actually really good, and the instances of viruses are going down.

Yes you are trolling. You are repeating unsubstantiated claims based on hyperbole and wishful thinking. You and others are repeating these claims without ever - like you this time - offering any justification for what it factually *is* that gives it a leg up. Like all good FUD it has a little piece of truth on which it can embellish: DOS and the Windows 9x family were very much single-user in the design mindset. But Windows NT was not built upon DOS, nor upon Windows 9x. Windows NT was developed ground-up

I think having something ready to go ahead of time would be a potential waste of effort, since the new definitions might, by chance, detect it too.

Most of these malware apps are spread via hacked ad servers, which allows authors to touch millions of potential "customers" in a matter of hours with their new wares, so I suspect the most cost effective thing to do is to wait for a new definition update and then write and test new versions of the malware against the new definitions.

I have seen it attempt to get me to download it - I got hit by a google image search result where it showed me a "Finder" in Safari, with an almost convincing progress bar etc while it "scanned for viruses".

Same happened to me (Google image search and all, and not even for anything that would take me to the sort of places on the 'net where I'd expect malware to reside), except that it offered no download button and instead downloaded immediately. I have my Safari set up to not automatically open "safe" files, so that's as far as it got, but it was annoying nonetheless.

I was looking for a certain type of connector, so I google image'd it. While perusing results for something as totally bland as surface mount connectors, I suddenly got a UAC prompt. Even after canceling it, I got an icon in the taskbar. Thankfully the denied UAC kept it from getting its hooks in, and I promptly found and deleted the offending file.

Now, I won't even touch Google Image Search through a remote connection to a virtual machine running Chrome in a sandbox on someone else's network.

MacDefender tried to install itself on my system a few days ago. Oddly enough another fake anti-virus bit of malware did the same to my Windows machine on the same day. With MacDefender nothing happened as I have the open safe files option disabled in Safari. Of course on Windows it had already installed part of itself and was spamming UAC elevation requests non-stop until I nuked it, at least it looks like I did anyway.

I suppose it was only a matter of time until OS X became a target. Granted this isn't a

I only heard about this too. I also only heard about Windows viruses and trojans even though I also own a number of Windows machines. Bottom line - I don't expect my computers to ever be infected, but it's out there.

Usually while doing a Google image search. I was searching for everything from ships to aircraft, so this doesn't appear to be just a porn/warez problem.

Still, there's a major difference between this and Windows malware. The "Install me now" routine pops up, but you have to voluntarily enter your username and password for it to infect you on the Mac. You can become infected on Windows just by surfing the wrong website. But I suppose it's only a matter of time before the scumbag malware makers of the world find a way around that.

Translation: I'm a friendless neckbeard living in my mom's basement on Mountain Dew and Cheetos and am jealous of all those "hipster" kids with their friends and "cool" gadgets. Girls don't seem to appreciate I compiled my own kernel!

See, I can generalise too!

(seriously, I cannot see how you got to where you were from the OP's question, which had no grandstanding or platform flaming or anything, just a query about an issue that is apparently "widespread" and "menacing" (according to the article) on OS X.)

Tommy: What's coursing? Turkish: Hare coursing. They set two lurchers – they're dogs, before you ask – on a hare. And the hare has to outrun the dogs.
Tommy: So, what if it doesn't?
Turkish: Well, the big rabbit gets fucked, doesn't it?
Tommy: [pauses and thinks] Proper fucked?
Turkish: Yeah, Tommy. Before zee Germans get there.

Once an operating system reaches a certain percentage of the market share, it becomes a viable platform for malware.
In other news, I have been using computers since the 286 days and I have yet to get a virus of any kind on any of my personal machines. Why? Because I'm careful. Malware only exists because people aren't careful. No operating system can prevent people from doing something dumb, so stop ragging on Apple (or Microsoft, or IBM, or whoever else you want to crucify) -- this is a problem with people, not software. Always has been.

Visiting a website shouldn't be able to install malware on my computer. Neither should opening an email, Flash applet, Java applet, Word document, etc. These are all the faults of the relevant vendors.

Installing random unsigned binaries from the internet? That should be able to do absolutely anything -- it needs to be able to for computers to be general purpose tools. And that includes malware.

TL;DR social engineering is the user's fault, but sec vulns do exist and are not.

Absolutely true, and I couldn't agree more. Remind me again how any of that applies here? None of those things you talk about have anything to do with this particular piece of malware. This malware doesn't install itself, no security vulnerabilities (aside from the user) are at play here, and Apple has responded by adding a daily auto-updating definitions file which will allow them to respond to these new variants in a timely manner without any further inconvenience to the user.

You know what they say. "There's no patch for stupidity" and "The problem most often lies between the chair and the computer." As long as humans will be humans, FUD will work, sex will work and "your children aren't safe" will work.

Right, people have been careless enough to go to a thoroughly reputable site that sells ads. People have even been so careless as to open email from frequent correspondents. (Both of those bit my wife, who's far from being ignorant or careless.)

Maybe, maybe not. I'm definitely careful, and common sense is always the best first line of defense, but malware still gets through sometimes. Last virus to hurt me would've done the same no matter how careful I'd been. A normally-safe and trustworthy site got hacked (smbc-comics.com, for the record), put a malicious Java applet into the page. I happened to visit in the few hours before the site manager was alerted and fixed the problem. Virus broke through whatever security Firefox and Java (both fully upd

> Last virus to hurt me would've done the same no matter how careful I'd been. A normally-safe and trustworthy site got hacked (smbc-comics.com, for the record), put a malicious Java applet into the page.

> I have yet to get a virus of any kind on any of my personal machines

I don't believe you. Even back in the 68000 days, Boot Sector viruses existed. All you needed to do was copy a floppy from a friend and insert it into your drive. I got my first one in 1988 on my Commodore Amiga.

And today it's even easier, since javascripts often download payloads via advertising. You probably have a virus right now, and don't even realize it. Try running AdAware or Spybot. I'm sure they'll find at least o

> I have been using computers since the 286 days and I have yet to get a virus of any kind.

The only people I ever hear say something like that are people who don't install AV software and thus have no idea they're infected. They rely on the fact that their computer works to tell them that everything's honky dory. Not saying you're one of those people, but if you're not, you're the first, and I'd say your success is more attributable to luck than skill, like avoiding STDs by only having sex with people who a

.. have they figured out how to install it without asking an admin user for permission?

Until that happens, it's not really a security issue, it's still a social engineering hack. And no platform is immune to social engineering hacks because there are always end users dumb enough to unlock the front door for whatever puts on a good show and let it walk right in and take over.

If someone figures out a way to bypass Installer and run unsigned code without at least throwing a warning, then I'll worry..

It is inevitable at this point. At the last pwn2own competition, security researchers were able to launch an application and write a file once the user visited a webpage. The article does not say whether or not the file was written to a protected directory or not. They just mention that the browser's sandbox feature was defeated.

Malware is a numbers game. Windows used to be the main player by a much larger margin and criminals knew that code over a poor or rare windows exploit generally infected far more computers than even some of the worst mac exploits.

As Mac OS gains more and more users (and similarly any other platform like IOS, Android, and *gasp* Linux) they become more and more vulnerable because rarer and rarer exploits still result in powerful botnets.

Apple has never been "virus proof," they just never had the numbers to make a lot of exploits worth the coding time.

Did Apple kind of shoot themselves in the foot with their "No Viruses/Malware" campaign? Yeah. (Nevermind that they never actually claimed you couldn't be infected...)


Is MacDefender a portend of Malware waves upon OS X? Unlikely, and it really has nothing to do with market share. I know this is a tired argument, but the "You're day is coming OS X, just wait until you're worthwhile to hack!" idea just hasn't played out no matter how many times security researchers shout it from their blogs/websites (often times alongside links to purchase Macintosh AV software).

Of course it hasn't played out. Mac OS still only has a little over 7% of the market pinned down. Windows collectively (between XP, Vista and Windows 7) controls over 80% of the market. That means that besides smaller proof-of-concept exploits programmed for fun, there is still very limited utility for Mac malware in the wild.

All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

I'd also like to say that while the 2nd MacDefender is indeed much more of a social engineering hack than anything, the first version did exploit a major bug which allowed root access without any additional permissions. Mac vulnerabilities are out there - and that one was a huge one so it was exploited, but look at the numbers - right now to get similar processing power or informational exploit pools, you'd have to have a hack that's literally 10 times as rampant on Mac than on PC.

> All I'm saying is that getting from 2% to 8% market share will be much easier than getting from 8% to 32% and now that they're getting to almost an 8% market share, the first signs of malware are popping up.

But by this definition of malware, Unix had malware when it had a 0.001% market share.

Thank you. Calling this "malware" is like calling the video of a dog I just shot on my smartphone a feature film. It's a program that asks to be downloaded and installed, then does something different than the user expected. On top of that, a few websites have been designed to make it more likely that the user will download the program. It's essentially the same as those "pages to like" on Facebook that lure people in with a semi-naked picture then post crap all over their profiles. A tax on stupidity

That's what you get to see when this RogueAV tries to get on the system. There's nothing automatic about it, there is tons of user input, and that's precisely why it's not much to get worried about as a Mac user.

Just two clicks required to install malicious software after you've visited a hijacked site, with none of the usual warnings about downloading software from the internet that most platforms have added - with good reason, I might add? That's definitely a problem. Sure, no matter what you do there'll always be someone daft enough to jump through the hoops required to do something nasty, but making it that easy for websites to convince users to install software - and giving them that much control over the mess

I guess the "step up their game" comment was more in response to Apple's denial that MacDefender even existed for almost a month instead of dealing with the problem. The nature of Apple (closed market) does make it harder for malware to exist in the system, but outright denial of the problem for so long and then an admission of a known security flaw is just inexcusable.

If Apple can't adapt to the problems increased market share will bring, they'll have some major problems getting to the top of the OS mar

As far as the OS is concerned, this is just another application installer. It's a cinch to modify the installer to circumvent Apple's so-called security update for this. It really comes down to a user stupidity issue. If you're too stupid to avoid software from questionable sources you deserve what you get. No security update can protect you from yourself.

Which is why Mac OS X is going to be turned into iOS - pretty soon, you'll only be allowed to install signed binaries on Mac OS X. It will resolve the issue of people installing software from "untrusted sources," meaning anyone not paying Apple large sums of money.

How come everybody thinks this is where OSX is heading, while Microsoft runs a 100% closed source desktop OS with rumours of signed code required in the next version, just about invented the appstore-model for an appliance in the form of the Xbox Live Arcade (for the 1st gen Xbox, before it became the Marketplace)? Yet, nobody seems to worry about Microsoft owning >80% of the desktop market while doing exactly the same things Apple did, only years earlier.

No software can protect the user from themselves. If someone is determined to download something and install it, how do you prevent that short of locking the system like iOS? I really don't want to see that happening to OS X.

Whenever my wife entertains herself by griping about the hassles, the bugs, the constant need to update software, I tell her that she (and most users) aren't really the intended users of personal computers. In radio terms, we're still in the early 1920's, when you had to know something about the technology to get more use than frustration out of the device.

Thus, why most people continue to click through the warnings and admin authentications, and wonder why the work of a moment takes so much effort to undo

>For years, computer geeks and the media alike have been hollering that everyone needs antivirus, and warning them of the dire dire dangers of not being protected. So now that malware is exploiting that by warning users (as their trusted Antivirus program!) that "we have detected these threats, you better act now", you want to call them stupid for trying to follow all those warnings?

WE HAVE ALSO BEEN YELLING AT YOU TO STOP CLICKING ON EVERY STUPID THING ON THE INTERBUTT. STOP PUNCHING THE MONKEY. STOP

It should have been something like iProtect, iAntivirus or AppleGuard or something. What are they coming to when they can't even get their developers to use the proper naming scheme?

Just another proof that Apple is no longer a proper computer business but a shiny-pocket-widget and things-for-your-shiny-pocket-widgets shop. Or was that a shiny-pocket-widget and things-for-your-shiny-pocket-widgets store?

What viruses, as a matter of interest? Or do you mean trojans, which are not the same thing at all - which are an issue for any OS, regardless of security since it's a social engineering issue (less so for Linux I would imagine, since the user base tends to be skewed towards people who can spot a trojan from a mile off).

It's hardly just "security through obscurity" - you make it sound like OS X was designed like a car with the doors and windows unlocked, when it clearly wasn't. It's not perfect, but it is pretty good, and it does receive regular security updates in anticipation of attacks against it, it's just not until now that we've seen anything widespread, and even then it's been pretty limited - an ineffective trojan that is easy to remove (takes about 3 minutes total, or less) that requires you give it your express permission to install (and your admin password). The new one is modified to be local user only, so doesn't even have root.

It's not great, clearly, since any malware targeting your platform is a pain in the ass, but you're painting it like OS X has been sitting here doing nothing for the 10 years it's been around and only escaped by standing behind Windows - the legions of security updates and software policy on the OS itself would beg to differ.

Not that even the very best and most secure OS could stop this malware (having never "seen" it before), since it's entirely a social engineering security bypass. The conman tricked his way past your security guards and is stealing your TV.

We know it's not a virus. But whether you like it or not, the word has become a generic term meaning "malware" to the layman.

Traditional, self-replicating, can-spread-through-no-other-means file-infector viruses on Windows are not particularly common these days. They exist, and there's generally one or two in the "top 10 things to watch for" at any given point in time but pure viruses don't represent the majority of malware and haven't done in some time. Typically, you'll find they also act as trojans and worms.

Ah, so it's ok to be fast and loose with the definitions and so on as long as it makes Apple look bad (vulnerability to viruses and worms is a considerably different kettle of fish to being vulnerable to trojans), but when it comes to Android malware, there's a sudden flood of "it's not that bad" and "it's a trojan, it's not *infecting* apps on the Android Market, how can it do that?!".

Just checking.

I'll concede the point if you'll go and post the same "it's ok to muddy it up" response to all those Android

It is still amusing to watch idiots proclaim "menacing" malware something first of all that requires you to download it and install it on your computer and second even when you do it does nothing menacing to your system:D.

OS X still has 0 viruses, which is what I care about. If someone wrote a virus for OS X, something that installs without my intervention and approval, then I would be alarmed. Otherwise, I don't care about the social engineering attacks. Idiots will always fall prey to those.

So yes, I still feel infinitely safer using anything but Windows as far as viruses are concerned.

Don't act like it isn't possible; it most definitely is possible. But no one has put the time in to write anything before because the user base is so small. As it begins to grow so will the number of exploits; however, books are beginning to be put out on exploits in Mac OS and obviously the exploits are starting. I agree that this is completely user stupidity, but it shows that exploits are now being created to target Macs.

People have been saying this for the entire life of OS X, and I say "put up or shut up" - the claims are that it's just not worth it, or that no one cares, but that it's really a ripe, low-hanging fruit that is so vulnerable... yet no one has bothered, in 10 years, to even *try*? Not even to "stick Mac users' noses in it" (with the sort of "HAHAHA!" crowing that we've seen from slashdot users over this simple trojan).

You're telling me that *no one* in over 10 years has decided to prove this supposed "commo

While I'm not real impressed with what I know of Apple's security, this is a relatively small threat that relies entirely on social engineering that works or not regardless of OS, and is getting an immediate and effective response. It's too early to gloat yet.

How does it actually prove this? It's a trojan, the user is tricked into downloading it, and has to accept a system dialog that tells them that they are running an untested program downloaded from the Internet. The trojan doesn't do any privilege escalation, and it's trivially easy to remove. There's no way to prevent such programs in any OS other than the 'total lockdown' (e.g. iOS approach). I'll believe that the low market share argument holds when we start seeing genuine worms mass infecting OSX box